VM web console connection fails due to missing Global.Proxy privilege in VMware vCenter Server
search cancel

VM web console connection fails due to missing Global.Proxy privilege in VMware vCenter Server

book

Article ID: 374599

calendar_today

Updated On:

Products

VMware vCenter Server 7.0 VMware vCenter Server 8.0

Issue/Introduction

  • When attempting to launch the HTML5 web console for a Virtual Machine from the vCenter Server, the browser displays a blank page with the following error: Couldn't establish a connection to the VM web console

  • VMware Remote Console (VMRC) and RDP sessions function normally.
  • The VM console launches successfully when accessed directly via the ESXi Host Client.
  • Observe Global.Proxy privilege missing error within log: /var/log/vmware/rhttpproxy/rhttpproxy-##.log
    [YYYY-MM-DDTHH:MM:SS] error rhttpproxy[03983] [Originator@6876 sub=RhttpProxy] [Rhttpproxy JWT] Missing privilege! Global.Proxy is required.
[YYYY-MM-DDTHH:MM:SS] error rhttpproxy[03983] [Originator@6876 sub=RhttpProxy] [Rhttpproxy REST PUT Handler] JWT verification failed
[YYYY-MM-DDTHH:MM:SS] error rhttpproxy[03947] [Originator@6876 sub=RhttpProxy] [Rhttpproxy JWT] Missing privilege! Global.Proxy is required.
[YYYY-MM-DDTHH:MM:SS] error rhttpproxy[03947] [Originator@6876 sub=RhttpProxy] [Rhttpproxy REST PUT Handler] JWT verification failed
  • And in /var/log/vmware/vsphere-ui/logs/vsphere_client_virgo.log 
    [YYYY-MM-DDTHH:MM:SS] [ERROR] -nio-127.0.0.1-5090-exec-997 70148618 103212 200173 c.v.v.r.restclient.impl.EnvoyVapiRequestExecutorServiceImpl Couldn't execute request to reverse proxy REST API. Known eTag = 0 java.lang.RuntimeException: Route wasn't added to any listeners.
        at com.vmware.vise.vim.messaging.webconsole.WebconsoleRequestHandler.lambda$handleRequest$0(WebconsoleRequestHandler.java:246)
 

Environment

  • vCenter Server 7.x
  • vCenter Server 8.x 

Cause

Global.Proxy privilege is not enabled for the role named "vSphere Client Service Account".

Resolution

Enable the missing Global.Proxy privilege for the "vSphere Client Service Account" role by following the steps below to resolve the VM console issue.

  1. Open the browser and login to the vCenter Server webclient using SSO Administrator eg: [email protected]
  2. Navigate to Administration >Access Control > Roles
  3. Select vSphere Client Service Account and click on edit.
  4. Navigate to the Global section and select the Proxy option as mentioned below:

5.The VM console launches successfully after the privilege is enabled.

Note: If the problem persists, proceed with a full restart of all vCenter services. To restart all vCenter services, run the command:

          # service-control --stop --all && service-control --start --all

Powered by Wolken Software